Trust.: Responsible AI, Innovation, Privacy and Data Leadership

By Dominique Shelton Leipzig

Every company today relies on data, yet many leadership teams struggle to fully leverage data as an asset while avoiding ethics scandals that erode consumer trust. This indispensable guide provides executives and board members an actionable playbook to transform their organization into an ethical data leader poised for innovation and growth.

Drawing from her decades advising Fortune 100 companies on data strategy, privacy, AI, and digital innovation, author Dominique Shelton Leipzig reveals how to align your data practices with long-term strategic goals, build an ethical data culture focused on trust, avoid costly legal missteps, and drive revenue through responsible AI implementation.

You'll learn the key questions to ask to truly understand your customers, streamline operations with legal AI, monetize data opportunities, and ensure legal compliance in a rapidly evolving regulatory environment. With clear solutions to common data dilemmas, this book gives you the strategies and framework needed to derive maximum value from data while earning customer loyalty.

Become the CEO who boldly steers their company toward data-driven profits, innovation, and success. Equip yourself with a playbook to transform your organization into a responsible data steward that stakeholders can trust. Don't leave your data strategy to chance - read this book and lead.

• Language: English
• Publisher: Forbes Books
• Release date: Dec 26, 2023
• ISBN: 9798887501741

Dominique Shelton Leipzig

DOMINIQUE SHELTON LEIPZIG is an internationally recognized attorney advising clients on data strategy, privacy, AI, and digital innovation. She trains CEOs and boards on digital ethics and is a member of the advisory board of the AI Governance Center. Dominique is based in Los Angeles and speaks English and French.

Book preview

Praise for Trust.

and Dominique Shelton Leipzig

Data is transforming virtually every company in every industry, and every CEO and their Board of Directors must adapt to this new reality. Data has become one of the most valuable resources that enterprises own and leaders must learn to mine it for maximum returns and protect it with as much diligence as they do for every other asset on their balance sheets. Dominique Shelton Leipzig has laid out a clear playbook to assist the best leaders to differentiate their brands by building trust with their customers, shareholders, and employees.

— Paul Witkay

Founder & CEO of the Alliance of Chief Executives

"Trust, authored by one of the nation’s leading technology and data privacy experts, is written for CEOs and board members who must lead on ensuring advancing technologies, like AI, are good for business and good for society. Shelton Leipzig’s book is a must read for any executive seeking to innovate with AI within governance and guard rails."

— Dr. Lori Esposito Murray

President, Committee for Economic Development of The Conference Board

AI, data, privacy, and cyber are constant discussion topics with today’s corporate board directors and executive management. Thus, leaders who are seeking strategies on how to decipher emergent technologies should read this book!

— Agnes Bundy Scanlan, Esq.

President, The Cambridge Group, and Public and Private Company Independent Board Member

"Trust makes clear that successful AI deployment depends upon training the next generation of AI professionals on responsible, ethical, and trustworthy AI governance."

— J. Trevor Hughes

President and CEO, International Association of Privacy Professionals (IAPP)

ht01t01

Copyright © 2024 by Dominique Shelton Leipzig.

All rights reserved. No part of this book may be used or reproduced in any manner whatsoever without prior written consent of the author, except as provided by the United States of America copyright law.

Published by Forbes Books, Charleston, South Carolina.

An imprint of Advantage Media Group.

Forbes Books is a registered trademark, and the Forbes Books colophon is a trademark of Forbes Media, LLC.

Printed in the United States of America.

10  9  8  7  6  5  4  3  2  1

ISBN: 979-8-88750-173-4 (Hardcover)

ISBN: 979-8-88750-174-1 (eBook)

Library of Congress Control Number: 2023920547

Cover and layout design by Matthew Morse.

Photo Credits: Hardy Image Group / Hardy House In conjunction with Industry Consultants; Creative Director, Executive Producer and Hair Stylist: Quintin QLoveBug Hardy; Executive Producer: Janine Saulsbury; Photographer: Keith Major; Make Up Artist: Christopher Micheal; Hair Color: Shendra (Trenee) Coleman; Fashion Director: Kimberly King; Fashion Stylist: Jai Hudson; Nail Tech: Keith Pika Holmes; Video Production: Rhadmaes Julian / Black Pixel Production; Drone Operator: Brandon Fresh Overton; Photo Asst: Saoni Fortuna Photo Editor: Ryle Watson

This custom publication is intended to provide accurate information and the opinions of the author in regard to the subject matter covered. It is sold with the understanding that the publisher, Forbes Books, is not engaged in rendering legal, financial, or professional services of any kind. If legal advice or other expert assistance is required, the reader is advised to seek the services of a competent professional.

Since 1917, Forbes has remained steadfast in its mission to serve as the defining voice of entrepreneurial capitalism. Forbes Books, launched in 2016 through a partnership with Advantage Media, furthers that aim by helping business and thought leaders bring their stories, passion, and knowledge to the forefront in custom books. Opinions expressed by Forbes Books authors are their own. To be considered for publication, please visit books.Forbes.com.

To my husband, Adam, who encouraged me to write this book;

to my mother, Marie-Denise, and sister, Colette Shelton, who have been sources of constant support in my career and life;

and to my late father, Lawrence Michael Shelton, who was a visionary and showed me the importance of innovative thinking and integrity that led me toward trust.

To my wonderful colleagues and my valued clients who continuously inspire me.

Disclaimer: The views expressed are my own and do not constitute legal advice, nor do they constitute an attorney-client relationship. They also do not represent the views of my employer or any other company.

imgx

Introduction

Chapter 1

Data Is Core to Your Mission

Chapter 2

A Post-Data World in Detail

Chapter 3

Geopolitical Issues Surrounding Data

Chapter 4

C-Suite and Board Data Privacy and Security Liability

Chapter 5

Why Data Leadership Is Important Now

Chapter 6

Board-Level Cyber, Privacy, and Data Risk Governance

Chapter 7

Four Ways That Data Strategy Can Enhance Your Revenue by Billions

Chapter 8

Ask These Questions to Develop a Digital Strategy and Value Your Data

Chapter 9

Artificial Intelligence: The Future Is Now

Chapter 10

Take Charge and Lead: Seven Keys to Implementing Data Strategy in Your Company

Chapter 11

Leading with a Legally Compliant Data Transformation Program

Chapter 12

Conclusion

Acknowledgments

About the Author

Dominique Shelton Leipzig

Endnotes

img001

In 2019 I recall telling a group of CEOs in the healthcare, aviation, and financial businesses, You are a data leader because your company is a data company. Back then the response was this:

But wait… were not a data company.

Post-COVID-19, it is understood: every company is a data company. Today CEOs and board members understand that there is no such thing as a company that is not driven by data. From recruiting to marketing to operations to competitive advantage, every company needs data to grow, thrive, and develop now and in the future. The advances in generative artificial intelligence (AI), large language models, and quantum computing will only accelerate this fact.

I was honored to found and create the Digital Trust Summit¹ at the Watson Institute at Brown University, where CEOs and board members from sixty-two companies, including Brian Moynihan, the CEO of Bank of America, and other speakers convened to discuss the importance of digital trust from everything ranging from generative AI to privacy to data security to national security.

Advances in technology will make so much possible. The use of AI identified an important cancer treatment and predicted results in just thirty days,² and the prospect of democratizing personalized medicine is here. Generative AI models are being innovated to revolutionize the finance industry. Education is being reimagined. One article reported, Generative AI could also be used to create adaptive learning experiences that would adjust in real time to students’ needs and abilities.³ And strides have been made in protecting the environment and tackling poverty. The promise of generative AI, quantum computing, and technologies that we cannot even imagine yet will be based on data.

These technologies are and will continue to be game changers. With the dizzying possibilities for what evolving technologies such as generative AI can produce in our society and for your companies comes the imperative for responsible data stewardship so the innovations can be trusted.

I am writing this book to talk to you, the CEO or board member who exemplifies the leadership of the company you are associated with. I am using my experience to help guide leadership in the next generation of technology. If Web 1.0 and 2.0 could be characterized by the mantra move fast and break things, then what if we reimagined that mantra to deal with the awesome opportunities and responsibilities that data brings to us today?

What if we moved fast with trust? This book argues that innovation does not have to be synonymous with breaking anything. Instead, we can innovate by garnering the trust of our customers, business partners, and colleagues. Therefore, for the purposes of this book, digital trust means CEOs and board members ask the right questions to ensure trustworthiness so that the broader community can trust the technology that is already so crucial to key verticals in all of our lives—health, education, financial growth, critical infrastructure, and national security, to name a few crucial areas. This can only happen when senior leadership is driving the trust discussion and humans are at the core of how we leverage technology.

Why should we lead with trust? Because breaking things has cost our global economy over $7 trillion in market cap over a twelvemonth period. Put another way, the losses that have been incurred because of data privacy and security lapses last year are about equal to the $7 trillion it is estimated that generative AI will add to our global economy over the next ten years. Bluntly, companies that have responsible data stewardship have garnered trust from their customers, regulators, and business partners. In turn, as I detail in chapter 5, trust in the brand has propelled those companies to market leadership. In fact, the first company to achieve a $3 trillion market cap touts its commitment to trustworthy AI and privacy as a brand differentiator. Other companies that have not focused on trust have seen their stock tank.

This book shows you how, as a CEO or board member, you can be a data leader and how you can join the $3 trillion-plus market cap club by leading your organization with a focus on digital trust. To do this, you need to understand a few things: (1) trust cannot be delegated; (2) data leadership requires more than having an amazing chief information security officer (CISO), as the trust story goes beyond data breaches; and (3) the companies that win in the future will be the ones the consumers, international regulators, and business partners trust.

Also, from my thirty-plus years of experience as an attorney, I am writing to let you know that trust is achievable. Do not listen to those who encourage you to believe that disastrous data breaches, algorithmic bias, and privacy violations are unavoidable and the cost of leveraging technology. They are not. In fact, most things I see are totally avoidable and could be addressed if the tone at the top was encouraging of achieving trust.

Leaders ask me what they can do to address highly technical areas such as AI or other emerging technologies. There are several steps you as CEOs and board members can take to avoid these negative outcomes. You can

•get more involved with creating a trust culture within your own organization;

•take the time to understand that cybersecurity does not cover all data opportunities or risks (e.g., AI and data privacy are separate areas that your CISO may not be trained on);

•ensure that the right experts are in the room and part of the ongoing conversation to get smart on data impacts and trends (i.e., a combination of legal, technical, and board consultants is necessary now);

•establish policies that treat the company’s digital footprint as if it were the company’s DNA;

•make sure that this digital DNA is aligned with the brand expectations;

•treat your organization’s data like the asset that it is and regularly assess the enterprise opportunities and risks for that data, just like every other valuable asset of the company; and

•pledge to stay curious and be a continuous digital learner.

To ignore these issues is at your own peril. Challenges to trust can present themselves in reports of algorithmic bias, privacy violations in data sharing practices, and disastrous data breaches and disruptions. These, in turn, can lead to serious consequences, including regulatory oversight in the 160-plus countries with data protection laws, as well as leaving customers without the essential trust that their data is cared for properly. We only need to read the papers or browse our newsfeeds to see that those companies that customers do not trust inevitably experience free falls in market cap in the marketplace.

In addition, you risk potential inability to communicate and connect to your customers and clients and the resulting business losses—and worse.

The days when data was thought of as the purview of the IT department are gone. First, cyber risks are only part of the equation. Trust in terms of data collection use and sharing are the subject of 160-plus data protection laws.⁴ The IT team, acting alone, more often than not is not privy to all of these nuances. Nor is it realistic for them to be. While CISOs are common in large companies, they are focused on data breaches and not necessarily steeped in some of the risks associated with data privacy (e.g., collection and use of data) that have cost companies over $1 trillion in market cap. Two decades ago, few companies had a chief data officer or analytics officer. However, in 2022 NewVantage Partners’ annual data and AI leadership survey of Fortune 1000 companies titled The Quest to Achieve Data-Driven Leadership: A Progress Report on the State of Corporate Data Initiatives revealed a record 77 percent of companies have someone in the C-suite with that title.⁵ The challenge has been that while these roles are in the C-suite, they are not often speaking to the CEO and board at all or enough. This has created a disconnect between the information the CEO and board need to properly leverage opportunities and anticipate risks.

Consider this: Would a company’s board and CEO really make the calculation that it is best to lose $800 billion in market cap than to invest $1 million in responsible data stewardship? Does this seem like an outlandishly silly question? This is what I observe when I read the papers about companies losing ad revenue in 2022 based on data privacy trends that were detailed in draft legislation in most of the world ever since 2016. This is also the calculation many of you reading this book make every day unwittingly. Yet these issues can be overcome by engaging third-party advisors to get the necessary support to assess options. A realization needs to occur that among the third-party advisors that should be in the room are technologists, lawyers, and consultants who can quantify opportunity and risk to get the company where it needs to be.

I have observed that boards and CEOs rely on three sources of information that lead to blind spots that are harming reputations and market cap when the CEO and board do not take additional steps to inform themselves so they can manage risks appropriately. For innovation opportunities, CEOs and boards rely on consultants. While consultants are brilliant strategists as it relates to opportunity, it should be understood that they need the support of legal counsel to help structure system solutions in a manner that will be compliant with and anticipate legal requirements and trends. Many of the companies suffering nosedives in market cap had consultants. Losses have occurred because the companies, following consultant advice, have sunk trillions into systems only to learn after the fact that evolving legal frameworks challenge their structure. The missing piece of the equation here is not understanding that it is not necessarily the consultants’ job to scour hundreds of pages of existing or pending legislation to help CEOs and board members see legal trends before they happen so that the organization can build necessary systems in accordance with those trends. A legal board advisor with significant data experience is needed to achieve this. It takes my law firm with two thousand lawyers and one hundred employees devoted to data protection all day long every day to stay on top of the rapidly changing legal landscape in the areas of privacy, AI, cybersecurity, and national security. It is unrealistic to expect that your general counsel, who might come from an M&A or other background, will be able to anticipate all the opportunities and risks when this is not their background, nor do they have time to spend on these issues all day. They need support.

Similarly, many boards and CEOs take the approach that our CISO has the data issues covered and will alert them to risk. But this approach ignores the fact that CISOs are not generally trained in how to prevent algorithmic bias or ensure systems are built in accordance with the vastly enlarged legal landscape related to data privacy or IP rights for training data models.

Even as CEOs and boards delegate the oversight duties to consultants and technical teams that themselves do not have the full picture, they are increasingly being held personally accountable for the data of their company, even when they have not been fully briefed about all of the variables. Here are some recent cases that should give every single CEO, C-suite, board member, or leader pause because they are totally avoidable if the right constellation of advice has been activated by the CEO and board in real time.

Data Accountability Is a CEO’s Obligation

A direct-to-home alcohol delivery service based in Boston, a subsidiary of a major tech company, was recently the subject of an enforcement action by the United States’ Federal Trade Commission (FTC). The alcohol delivery service has a website that links the client—that person who has just discovered they did not buy enough wine for their dinner party when unexpected guests turn up—to retailers who offer delivery.

The company had a massive data breach, exposing the personal information of approximately 2.5 million customers. Worse, it was alleged by the regulators that the company and its CEO were informed that the company had significant security issues two years prior to the actual breach but did not put in place any steps to protect the data from nefarious hackers. The allegations that faced this company are pretty much a textbook example of what not to do.

The FTC has taken action against this company—and its orders have some teeth to them. All CEOs and boards of directors should pay close attention. The FTC’s proposed order against this major delivery company not only restricts what the company can retain and collect going forward but also ensures the CEO faces consequences for the company’s carelessness…. CEOs who take shortcuts on security should take note.⁶

In its complaint, the FTC alleges that the company and the CEO committed the following:

•Failed to implement basic security measures.

•Stored critical database information on an unsecured platform.

•Neglected to monitor the network for security threats.

•Exposed customers to hackers and identity thieves.⁷

The company and the CEO are required to do the following:

•Destroy unnecessary data.

•Limit future data collection.

•Implement an information security program.⁸

But perhaps most notably—and thus very important to point out to readers of this book—the order applies personally to the CEO. As we know, CEOs frequently move from one corporation to another, and if they leave a mess in their wake, there are generally few consequences. But the FTC’s order amounts to a so-called scarlet letter, following this CEO even if he leaves. Specifically, the CEO will be required to have an information security program at future companies if he moves to any business that collects consumer information from more than twenty-five thousand individuals and where he is a majority owner, CEO, or senior officer with information security responsibilities.⁹ He will also be obligated to report to the board of the existing company or any future company for ten years following the order about the state of the information security program.

Quoting the press release regarding the decision,

Our proposed order against [the company] not only restricts what the company can retain and collect going forward but also ensures the CEO faces consequences for the company’s carelessness, said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. CEOs who take shortcuts on security should take note.¹⁰

Algorithmic Bias Can Be Avoided

With the explosion of generative AI and other emerging technologies, the issue of algorithmic fairness/bias is front and center in the news. The United States Justice Department has demonstrated willingness to pursue companies for algorithmic bias.

On April 25, 2023, amid the excitement for the possibilities brought about by the commercialization of technologies such as generative AI, four federal agencies issued a Joint Statement on Enforcement Efforts against Discrimination and Bias in Automated Systems. In the statement, the Consumer Financial Protection Bureau (CFPB), the Department ofJustice’s Civil Rights Division, the Equal Employment Opportunity Commission (EEOC), and the FTC reiterated their intention to enforce civil rights, nondiscrimination, fair competition, consumer protection, and other legal protection.¹¹

As the CFPB noted in a separate press release of the same date, All four agencies have previously expressed concerns about potentially harmful uses of automated systems and resolved to vigorously enforce their collective authorities and to monitor the development and use of automated systems.¹²

Without waiting to be investigated, CEOs and board members can anticipate and address these issues by asking teams whether an algorithmic justice or algorithmic fairness/bias review has been conducted. The statement lays out the areas of concern: (a) training data, (b) model transparency, and (c) design and use of the models are likely areas of enforcement, so board members and CEOs will want to ensure that these areas are covered in an algorithmic fairness audit. More details on this will be provided in the chapter covering AI.

The Crypto Headlines

The growth markets for many tech sector and consumer packaged goods (CPG) companies are in developing countries in Africa, Asia, and LATAM. Countries in those regions have been some of the fastest adopters of fintech, crypto, and digital assets. Because they lack long-standing legacies of formal banking structures, it has been easier for emerging markets, versus more developed economies, to become quick adopters of mobile options. So, especially for the global impacts involving users all over the world, it is bad enough that we have seen some of the biggest collapses and headlines of the crypto age emanating from the US-based companies, but certain crypto companies have also suffered data breaches that have destabilized digital asset markets in emerging economies.

By now all readers have seen headlines alleging executive incompetence and/or malfeasance in the crypto space and parading those CEOs across the media in virtual perp walks. In one headline, one crypto exchange accused another’s company and CEO of allowing a [c]abal of roommates in the Bahamas [to run] his crypto empire.¹³

In one case, in November 2022, over $600 million was siphoned from a crypto company in a breach. Its Telegram channel was compromised.¹⁴

In an interview on NPR, cybersecurity correspondent Jenna McLaughlin stated that the less-regulated crypto space does not have the cybersecurity requirements that the financial services sector has and that this has led to some large breaches in the past. For example, in October 2022, one of the biggest crypto exchanges reported potential losses of up to $500 million after a hack.¹⁵

Justice Is Coming: Are You Ready?

Recently, the US Department of Justice indicated that it will pursue new policies seeking C-level sign-off on corporate compliance programs and signaled that it will be expecting CEOs to vouch for corporate compliance programs.¹⁶ In addition, the recent criminal conviction of a CISO for a data breach has resulted in some commentators calling for the boards themselves to be accountable rather than only CISOs.

In short, the world of justice and legislation has realized the imperative that data must be cared for as an important and valuable asset for companies and society as well.

Data Breaches Are Not Uncommonbut Should Be

Unfortunately, data breaches are not as uncommon as we would like to think. In 2013 a major technology company had over 3 billion accounts compromised. In 2018 an Indian company saw 1.1 billion Indian citizens’ biometrics and identity information breached. In 2021 a business and employment social media company saw 700 million users’ information released on the dark web.¹⁷ Almost weekly, the media covers yet another breach for users to be concerned about.

Could your company be the next headline?

What Is Your Data Strategy?

Digital transformation/data innovation, once seen as an important trend for companies, has truly arrived and is here to stay. Business leaders must have a data strategy to effectively lead digital innovation. We’ll define digital transformation or data innovation as the process of using digital technologies to create new—or modify existing—business processes, culture, and customer experiences to meet changing business and market requirements. This reimagining of business in the digital age is digital transformation or data innovation.¹⁸ Digital transformation refers to a process of changing how a business operates and delivers value to its customers through implementing digital technologies. As a related concept, digital innovation refers to using digital technologies to create new products, services, or business solutions.

In reality, as I argued in my book titled Transform: Data as a PreTangible Asset for a Post-Data World (written before the pandemic), for most companies, data is the most valuable pre-tangible asset of your company—an asset that may not yet be fully realized by your business or anyone else in society but that nonetheless should be treated as a valued asset, much in the way that a hard asset is. Data is the fuel that drives innovation and is at the core of technologies such as generative AI. Just because data does not appear on a balance sheet, unless there is M&A, this does not make it any less valuable. Goodwill does appear on a balance sheet. The importance of data is all the more important because data carries with it the greatest risk of tarnishing your brand if ignored or mishandled.

Further, the ability to harness and optimize new technologies such as AI, machine learning, big data, and blockchain will make the difference between the companies that flourish tomorrow and the ones that die.

As